“Today’s cyber landscape has provided ample opportunities for criminals and adversaries to target U.S. networks, attack our critical infrastructure, hold our money and data for ransom, facilitate large-scale fraud schemes, and threaten our national security.”
Year over year, industry trends point toward a common theme — fraud is evolving, and effective prevention is more important than ever. As financial institutions bolster their fraud controls, criminals are shifting to exploit your customers with Authorized Push Payment (APP) scams such as Business Email Compromise (BEC) and investment schemes. A recent Internet Crime Complaint Center (IC3) report has highlighted that APP scams were behind billions in cybercrime losses in 2022 — and that they remain a major concern for financial institutions.
Anatomy of APP Fraud
APP fraud is a lucrative scam typology grounded in manipulation and deceit. Through social engineering tactics, victims are persuaded into transferring funds to a fraudster posing as a genuine payee — often in response to an urgent but fictitious request and through an irrevocable payment method, such as a wire. Victims may be businesses or consumers, and the crime is extremely challenging to detect. It is the authorized customer who initiates the payment, rendering most authentication-based controls, such as tokens and one-time passwords, ineffective.
Prime Suspect: Cybercrime Losses Soar
The IC3’s new 2022 Internet Crime Report shows concerning growth in the prevalence and impact of cybercrime, and APP fraud in particular. While the number of cybercrime complaints received by the organization declined in 2022, total losses rose 49% from $6.9 billion in 2021 to $10.3 billion in 2022. This marked another consecutive year of growth in losses, and the largest increase in five years. Most notably, elderly individuals, aged 60 years or older, were prime targets experiencing $3.1 billion in losses.
The report also shows that, of all the internet-related crime reported to the IC3, APP scams are by far the most profitable. Two APP fraud typologies, investment schemes and BEC, accounted for more than $6 billion in cumulative losses — more than half the total amount reported to the IC3 in 2022. Of the two, investment scams were the costliest, driven by unprecedented levels of crypto investment scams. Over $7 billion in losses involved scams where the victim knowingly transferred funds but was unaware that the payment was destined for a money mule (I.e., BEC, investment scams, romance or confidence scams, real-estate fraud, and government impersonation fraud).
These statistics indicate that cybercrime is likely underreported, and that fraudsters are becoming increasingly proficient at stealing large amounts of funds and targeting vulnerable populations.
Decisive Action: The Power of Consortium Analytics
As the threat from cybercrime and APP fraud increases across the industry, financial institutions need a solution that provides effective detection for commonly exploited payment channels, such as wire and ACH. Through Consortium Analytics, Verafin’s Payment Fraud consider the complete picture of risk across the entirety of a transfer. Payments involving known accounts with a history of legitimate activity across the consortium are analyzed as lower risk, while payments involving unrecognized accounts are analyzed as higher risk — representing potential mules or other accounts opened to facilitate fraud.
By combining this complete understanding of payer and payee risk with intelligently segmented analytics and real-time interdiction capabilities, Verafin’s Payment Fraud solution allows your institution to decisively shut down suspicious transactions and allow legitimate transfers to proceed with confidence. Our Payment Fraud analytics are deliverable as an individual solution, as part of a robust Anti-Financial Crime platform, or through risk scores from real-time APIs to integrate into existing payment solutions.
For more information on Verafin’s consortium approach to combating payment fraud, download our Product Brochure.